Skip to main content

Reference Architecture: GenUI Copilot UI

Product forces

GenUI copilots optimize for safe AI-assisted workflows where the system can retrieve context, reason, stream progress, choose approved UI components, and request tool actions under policy.

Architecture sketch

Default decisions

AreaDefault
UI generationmodel may select from approved schemas, not arbitrary code
toolsrisk-classified, server-authorized, auditable, idempotent where possible
retrievalcitations visible when decisions depend on retrieved sources
streamingprogress events separate from final UI state
safetyprompt injection handling, policy gateway, kill switches
evaluationgolden tasks, regression evals, human review for high-risk flows

Critical risks

  • Treating model output as trusted UI code.
  • Client-side tool permission checks only.
  • Hidden retrieved evidence or unverifiable answers.
  • No eval suite before changing prompts/models/tools.
  • No kill switch for unsafe tool classes.

Review checklist

  • Is every generated UI element backed by an approved component schema?
  • Are tool calls authorized server-side?
  • Are high-risk actions gated by confirmation and audit?
  • Can users inspect citations or evidence?
  • Do evals cover prompt injection, retrieval failure, and unsafe action attempts?

Exercises

  1. Classify five copilot tools by risk.
  2. Design a component registry contract for cards, tables, forms, and actions.
  3. Write an eval matrix for a retrieval-grounded workflow.

Source lens

Pair this with Part XIII GenUI architecture, the GenUI review packet, and the GenUI capstone.